Vendors, Police and Europol Begin Ransomware Fightback

An initiative to educate the public about ransomware and prevent further ransom payments has been launched by Europol, law enforcement and the private sector.

Called 'No More Ransom', it is led by Intel Security, the Dutch National Police, Europol and Kaspersky Lab and is a new online portal aimed at informing the public about the dangers of ransomware and helping victims to recover their data without having to pay ransom to the cyber-criminals.

With the number of ransomware victims growing at an alarming rate – according to Kaspersky Lab the number of users affected rose from 131,000 in 2014-2015 to 718,000 in 2015-2016 – the portal is intended for users to find information on what ransomware is, how it works and how to protect themselves.

In its initial stage, the portal contains four decryption tools for different types of malware, including for CoinVault and the Shade Trojan. In May, ESET claimed that it had contacted TeslaCrypt’s authors after spotting a message announcing they were closing their ‘project’ and offered a decryption key.

Raj Samani, EMEA CTO for Intel Security, told Infosecurity that both Intel Security and Kaspersky had developed decryption tools to apply against TeslaCrypt, and these will be posted to the website shortly.

The portal states that “the more parties supporting this project the better the results can be, this initiative is open to other public and private parties”. Asked how decryption tools will be hosted and vetted for legitimacy, Samani said: “The update process for the decryption tools page will be rigorous. Only a small number of individuals will be able to post updates there and any such updates will be approved by every party before being added to the page.”

Jornt van der Wiel, security researcher at the Kaspersky Lab Global Research and Analysis Team, added: “The biggest problem with crypto-ransomware today is that when users have precious data locked down, they readily pay criminals to get it back. That boosts the underground economy, and we are facing an increase in the number of new players and the number of attacks as a result.”

“We can only change the situation if we coordinate our efforts to fight against ransomware. The appearance of decryption tools is just the first step on this road. We expect this project to be extended, and soon there will be many more companies and law enforcement agencies from other countries and regions fighting ransomware together.”

The No More Ransom website lets victims report a crime, linking directly to Europol’s overview of national reporting mechanisms, and advises victims not to pay the ransom. Wil van Gemert, Europol deputy director operations, said: “We expect to help many people to recover control over their files, while raising awareness and educating the population on how to maintain their devices clean from malware.”

Samani concluded: “This collaboration goes beyond intelligence sharing, consumer education, and takedowns to actually help repair the damage inflicted upon victims. By restoring access to their systems, we empower users by showing them they can take action and avoid rewarding criminals with a ransom payment.”

Brian Honan, CEO of BH Consulting, told Infosecurity that he felt that the No More Ransom initiative was a great example of how public-private partnerships can work together in tackling cybercrime.

“The No More Ransom website is a viable alternative to victims to look to rather than accede to the ransom demand,” he said.

“However, the challenge is to make sure that likely victims are aware of the No More Ransom website and also that the website is regularly updated to deal with the latest variants of ransomware. I hope that Computer Emergency Response Teams, local Law Enforcement Agencies, security professionals, vendors, and both mainstream and industry media, proactively promote the use of such tools.”